Message 230650 - Python tracker

➜

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

In-reply-to
Author	pitrou
Recipients	Arfrever, Tim.Graham, berker.peksag, georg.brandl, pitrou, r.david.murray
Date	2014年11月04日.18:34:36
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1415126076.32.0.571958779106.issue22796@psf.upfronthosting.co.za>

Content
The security issue isn't easy to explain, it involves an elaborated set of services (browser, Web site...) each having a slightly different notion of cookie parsing to mount an attack allowing to bypass CSRF protection on certain Python-powered frameworks. It's from a report made to security@p.o.

Content

The security issue isn't easy to explain, it involves an elaborated set of services (browser, Web site...) each having a slightly different notion of cookie parsing to mount an attack allowing to bypass CSRF protection on certain Python-powered frameworks. It's from a report made to security@p.o.

History
Date	User	Action	Args
2014年11月04日 18:34:36	pitrou	set	recipients: + pitrou, georg.brandl, Arfrever, r.david.murray, berker.peksag, Tim.Graham
2014年11月04日 18:34:36	pitrou	set	messageid: <1415126076.32.0.571958779106.issue22796@psf.upfronthosting.co.za>
2014年11月04日 18:34:36	pitrou	link	issue22796 messages
2014年11月04日 18:34:36	pitrou	create

homepage